Table of Contents
Advertisement
12
U
AQL Q
SING THE
Using the Count(*)
Clause
Using the Distinct
Clause
Using the Count
(Distinct ...) Clause
CLI
UERY
For example:
select sourceBytes, sourceIP from flows where sourceBytes >
1000000 order by sourceBytes
Or, if you wish to display results in ascending order:
select sourceBytes, sourceIP from flows where sourceBytes >
1000000 order by sourceBytes asc
Combing the
group by
creating data, such as, TopN lists to determine the most abnormal events or the
most bandwidth intensive IP addresses. For example, the following query displays
the top traffic intensive IP address in a descending order:
select sourceIP, sum(sourceBytes) from flows group by sourceIP
order by sum(sourceBytes) desc
You can use the
count(*)
query. For example, if you wish to count all events with credibility equal to or
greater than 9:
select count(*) from events where credibility >= 9
You can use the
distinct
group of columns. This clause is similar to the
clause ensure ANSI SQL compatipility. For example:
distinct
select distinct sourceIP, sourcePort from flows where
sourceBytes > 1000000
You can use the standard
counts. Using the AQL CLI, you can only use one field. For example, if you wish to
view all the IP addresses that are connected to a specific IP address over time:
select count(distinct sourceIP) from flows where destinationIP =
'192.168.61.71'
Or, if you wish to view the number of unique source IP addresses communicating
with a particular destination IP address:
select destinationIP, count(distinct sourceIP) from flows group
by destinationIP
Note: Using this clause may require additional system resources. Therefore,
depending on the query, the amount of time to return results may vary.
AQL Event and Flow Query CLI Guide
and the
clauses in a single query is useful for
order by
clause to count the number of records matching your
clause to select unique rows based on a column or a
SQL Count(Distinct ...)
clause, however, the
group by
clause to obtain unique
Advertisement
Table of Contents
Subscribe to Our Youtube Channel
Related Manuals for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE
Related Products for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - SNMP AGENT GUIDE REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT ADMINISTRATION GUIDE REV 1
- Juniper STRM LOG MANAGEMENT 2008.2 - S 6-2008
- Juniper MEDIA FLOW CONTROLLER 2.0.4 -
- Juniper MEDIA FLOW MANAGER 2.0.2 - ADMINISTRATOR S GUIDE AND CLI
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper MEDIA FLOW CONTROLLER 2.0.5
- Juniper NETWORK AND SECURITY MANAGER 2010.3
- Juniper 200 Series
Need help?
Do you have a question about the SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE and is the answer not in the manual?
Questions and answers